Posted by Robert in category Hacking News |
From networkworld.com
In today’s world of mobile workers, teleworkers, thumb drives, BlackBerries and social-networking sites, IT executives can’t worry about devices - they need to focus on protecting data wherever it is.
The obvious place to start - considering that an estimated 5,000 laptops are stolen or lost each year - is the laptop hard drive: It needs encryption. (Read a column about the Drive of shame.)
Software vendors and such open source projects as TrueCrypt offer whole disk encryption across all operating systems, and Microsoft offers disk encryption in Vista, so IT executives have no excuse for not encrypting laptop data. In addition, such hardware vendors as Fujitsu, Hitachi and Seagate Technology offer hardware-based disk encryption.
Another trouble spot …
Posted by Robert in category Anti Fraud |
Yet another email that tries to steal Poste Italiane accounts by redirecting the victim to a malicious website…
Message:
Dear customer,
You have won the 550 Euro Poste Italiane Bonus
To receive the funds you must verify your customer information.
Log in and verify your data to receive the 550 Euro bonus!
You will be informed by telephone for the activation!
Important: (Verify within 12 hours or you lose the Bonus)
Kind regards.
Poste Italiane S.p.A.
Header:
Received:
from User [62.123.96.26] by mail.wrsys.com with ESMTP (SMTPD32-7.07) id A32661xxxxxx; Thu, 01 May 2008 02:28:54 -0400
Subject: Avete vinto 550 Euro il Bonus Poste Italiane
To: undisclosed-recipients:;
Malicious Link present in the email (DO NOT CLICK IT!):
hXXp://poste.it.accedi.land.ru/login-privati1.asp?online/personale/login-home.fcc?TYPE=
33554433&REALMOID=06-b5208d98-1e41-108b-
Posted by Robert in category Hacking News |
From networkworld.com
Microsoft today dismissed reports of a critical vulnerability in its Windows Media Player, saying that the researcher who claims the bug could be exploited is wrong.
The flaw is a “reliability issue with no security risk to customers,” Microsoft researchers said.
According to researcher Laurent Gaffi, the vulnerability could be used by hackers armed with malformed .wav, .snd, or .mid audio files to compromise a PC running Windows XP or Vista.
Several editions of Windows Media Player, including Versions 9, 10 and the newest, 11, are vulnerable, Gaffi reported in his disclosure on Dec. 24 to the Bugtraq security mailing list. Gaffi also included proof-of-concept attack code that he said would allow remote code execution.
Microsoft …
Posted by Robert in category Hacking News |
From networkworld.com
Downloads of a new build of Microsoft’s upcoming Windows 7 operating system have soared in the last two days, with thousands of systems now pulling pirated copies from BitTorrent sites.
Searches today on the Pirate Bay BitTorrent site, for example, returned multiple listings of Windows 7 Build 7000, which Microsoft identifies as a beta candidate in the filename. The torrent is a disk image of the 32-bit version of Windows 7 Ultimate; a 64-bit version is not yet available.
The most heavily trafficked Windows 7 BitTorrent on Pirate Bay showed more than 4,300 “seeders” — the term for a computer that has …
Posted by Robert in category Hacking News |
From networkworld.com
A single malformed text message can prevent some Nokia smartphones from receiving further messages via SMS (Short Message Service) — and the offending message can be sent from almost any Nokia phone, even non-smartphone models, a German security researcher demonstrated Tuesday.
At least one security software vendor has already released software to protect against the denial-of-service attack, dubbed the “Curse of Silence” by the researcher that demonstrated it at the Chaos Communications Congress in Berlin, organized by Germany’s Chaos Computer Club (CCC).
CCC member Tobias Engel showed how smartphones running versions 2.6 through 3.1 of Nokia’s Series 60 software running on Symbian OS are unable to receive further messages …
January 1st, 2009 in Hacking News | tags: SMS attack | No Comments
Posted by Robert in category Hacking News |
joseanpiti released this wonderful free tool that allows users to automatically analyze malicious Windows PE (Portable Executable) files. The package also supports a web interface.
Info:
Zero Wine is a malware’s behavior analysis tool. Just upload your suspicious PE file (windows executable) through the web interface and let it analyze the behaviour of the process.
Links:
Zero Wine Malware Analysis Tool
Posted by Robert in category Malware Analysis |
Analysis Content: Christmas Postcard Spam and Trojan.Win32.Waledac
Released: 01.01.2009
Author of Analysis: Robert (robert@novirusthanks.org)
Sample submitted by: Steve (steve@novirusthanks.org)
Website: http://www.novirusthanks.org
Steve sent me a sample of a malware classified as Trojan.Win32.Waledac.
Steve received the malicious file in a Christmas Postcard Spam email, and the file comes from this malicious domain:
superchristmaslights.com
The file is named postcard.exe.
Report Generated 1.1.2009 at 23.45.44 (GMT 1)
Time for scan: 26 seconds
Filename: postcard.exe
File size: 378 KB
MD5 Hash: 31A8756B48576862E6312BDC063FA94B
SHA1 Hash: B463B6D251A26A86A1F1472D6DBC0D953F4B4D5C
CRC32: 1186267902
Application Type: Executable (EXE) 32bit
Packer detected: Nothing found *
Self-Extract Archive: Nothing found
Binder Detector: Nothing found
ASCII Strings: View
Detection Rate: 10 on 23 (43.478 %)
Antivirus | Sig Version | Result
a-squared | 01/01/2009 | Trojan.Win32.Waledac!IK
Avira AntiVir | 7.1.1.58 | TR/Proxy.Gen
Avast | 090101-0 | Nothing found!
AVG | 270.10.1/1870 | Downloader.Generic_r.CL
BitDefender | 01/01/2009 | Nothing found!
ClamAV | 01/01/2009 | Nothing found!
Comodo …
Posted by Robert in category Malware Analysis |
Analysis Content: Fake Codec that installs Zlob Trojan
Released: 30.12.2008
Author of Analysis: Robert (robert@novirusthanks.org)
Website: http://www.novirusthanks.org
I have found another website that tricks users into downloading a fake codec that in reality installs the Zlob Trojan. The common phrase used to trick the user into downloading the codec is always the same: “Hey Download this Codec that is needed to play the video”
Here are some screenshots:

If you click on one of the 3 buttons you always get redirected to download the .EXE file:

The file downloaded is named wmpcdcs.exe and is classified as DR/Zlob.Gen.
After the malicious file was executed, a new window appeared:

and some new files were created …
December 29th, 2008 in Malware Analysis | tags: 66.235.177.6, BHO.ard, bits.dll, i5i.in, iexplore.exe, qinfr2.php, svchost.exe, Trojan.Peed.Gen, Win32.SuspectCrc, wmpcdcs.exe, xsl81731.dll, Zlob Trojan, Zlob.Gen | No Comments
Posted by Steve in category Hacking News |
From theregister.co.uk
Microsoft came clean and admitted its SQL Server database software is vulnerable to code injection attacks. It’s not a new flaw but the same bug in the database software that emerged around the time of Microsoft’s monthly Patch Tuesday update earlier this month.
In an advisory, Redmond’s security gnomes confirmed that code has been produced that exploits a security bug affecting Microsoft SQL Server 2000, Microsoft SQL Server 2005 and Windows Internal Database, in certain configurations.
On the plus side, Microsoft SQL Server 7.0 Service Pack 4, Microsoft SQL Server 2005 Service Pack 3, and Microsoft SQL Server 2008 are immune from the flaw. Third party apps that make use of the vulnerable code also appear to …
Posted by Steve in category Hacking News |
From blog.trendmicro.com
The holidays will be a time for refreshing connections, both in the real world, and online. Sadly, a ZLOB variant is being used by cyber criminals in this recent predictable spin on the malware social networking scene. Users of Friendster, a social networking site hugely popular in Asia, may have recently received an email via the site’s internal messaging utility that entices them to view a video.

Figure 1. Users receiving email via Friendster may feel safe since the email arrives within the Friendster zone. However, the email links to an external site.
In this particular case, the link is a front for a quick redirection which leads the user to a fake video site. However, …